<?php

	function uri_ampersands($str = '')
  {
  	return str_replace('&', '&amp;', str_ireplace('&amp;', '&', $str));
  }
	
	
	
	function ul_menu($menus_id = -1, $class = false)
	{
		if ($class === false) $class = "menu";

		$menu = db_select($menus_id, 'menus', true);
	
		echo "<ul class=\"$class\" title=\"{$menu['name']}\">";
		ul_menu_links($menu['id']);		
		echo "</ul>";
	}
	
	
	function ul_menu_links($menus_id = false, $parent_id = 0)
	{
		if ($menus_id === false) {
			echo "<li>INVALID MENUS_ID! [$menus_id]</li>";
			return false;
		}
		
		$sql = "SELECT * FROM menu_links WHERE menus_id = $menus_id AND parent_id = $parent_id ORDER BY sort, id ASC";
		$qry = db_query($sql);
		if (db_num_rows($qry) > 0) {
  		while ($link = db_fetch_assoc($qry)) {
				#remove join urls for logged_in() folks
				if ($link['uri'] == '/join.html' && logged_in()) continue;
			
				#auto toggle login / logout uri
				if ($link['uri'] == '/login.html' && logged_in()) {
					$link['label'] = 'Logout';
					$link['uri'] = '/logout.html';
				} elseif ($link['uri'] == '/logout.html' && !logged_in()) {
					$link['label'] = 'Login';
					$link['uri'] = '/login.html';
				}
				
				#check perms so we know if we should show the link
				#1. see if uri is a page
				$page = array();
				$sql = "SELECT id, private FROM pages WHERE uri = '{$link['uri']}'";
      	$qry_pages = db_query($sql);
      	if (db_num_rows($qry_pages) == 1) {
    			$module = 'pages';
    			$file = 'index';
    			$page = db_fetch_assoc($qry_pages);
      	} else {
  			#2. see if we are trying to load a module
  				$module = trim($request_uri, '/');
  				$parts = explode('/', $module);
  				$file = ($parts[0] == 'admin') ? array_shift($parts) : '';
  				$module = array_shift($parts);
  				foreach ($parts as $part) {
  					$file.= "/$part";
  				}
  				$file = trim($file, '/');
  				
  				if (file_exists(PHPDRIVER . "modules/$module/{$file}.php")) {
  					$module = $module;
  					$file = $file;
						$page = array('id' => false, 'private' => false);
  				} else {
						//we don't know what it is, so uh.. whatever, yo...
						$module = $file = false;
						$page = array('id' => false, 'private' => false);
					}
  			}
				
				if ($module && !authorized($module, $file)) continue;
				elseif ($page['id'] && $page['private'] == 1 && !admin()) {
					//check perms on page
      		$sql = "SELECT COUNT(1) FROM pages_to_users WHERE pages_id = {$pages['id']} AND users_id = {$_SESSION['current_user']['id']}";
    			if (db_result(db_query($sql), 0) == 0) {
    				$sql = "SELECT COUNT(1) FROM pages_to_user_roles WHERE pages_id = {$pages['id']} AND user_roles_id IN (SELECT roles_id FROM users_to_user_roles WHERE users_id = {$_SESSION['current_user']['id']})";
    				if (db_result(db_query($sql), 0) == 0) continue;//this user isn't part of the "in" croud for this page...
    			}
				}
					
  			echo "<li><a href=\"{$link['uri']}\">{$link['label']}</a>";
  			if (db_result(db_query($sql = "SELECT COUNT(1) FROM menu_links WHERE menus_id = $menus_id AND parent_id = {$link['id']}"), 0) > 0) {
					echo '<ul>';
					ul_menu_links($menus_id, $link['id']);
					echo '</ul>';
				}
  			echo '</li>';
  		}
		}
	}